Skills
skills/akiojin/unity-cli/unity-scene-create/Gen Agent Trust Hub

unity-scene-create

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation in 'references/runtime-checklist.md' suggests using 'cargo run -- ' to compile and execute the project from source if the 'unity-cli' binary is not found on the system path.
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected.
  • Ingestion points: User-provided strings for scene names, GameObject names, and component types enter the context via natural language requests and are used in shell commands.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are present in the command templates.
  • Capability inventory: The skill uses the 'Bash' tool to execute shell commands and tool payloads.
  • Sanitization: There is no evidence of input validation or shell escaping for user-supplied arguments before interpolation into 'unity-cli' commands or JSON payloads.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 25, 2026, 02:58 PM